Jump to content

How create a HIPS rule for Winlogon?


Go to solution Solved by Malaque,

Recommended Posts

  Hello. I'm still having some issues with Nod32, especially with logout session in user accounts of Windows 10

 

https://forum.eset.com/topic/7345-is-eset-crashing-my-windows-10/

 

I've enabled HIPS register and i've seen that the HIPS is blocking Winlogon process (selfdefense). I wonder how could I create a Rule exception for unblock Winlogon in HIPS module. 

 

 Thanks

Edited by Malaque
Link to comment
Share on other sites

  • Solution

Randomly, not always, when i log out of an user session, Windows 10 crashes with this message:

hxxp://i.imgur.com/RpmXrJQ.jpg

In log HIPS, i've seen this event many times:

35]17/02/2016 15:41:03

35]C:\Windows\System32\svchost.exe

35]Obtener acceso a otra aplicación

35]C:\Windows\System32\winlogon.exe

35]acceso parcial bloqueado

35]Autodefensa: No permitir la modificación de procesos del sistema

35]Terminar/suspender otra aplicación

35]Now i set HIPS in Learning Mode and see if the crash back again. Maybe disabling Self-defense or creating a HIPs rule could help...

Edited by Malaque
Link to comment
Share on other sites

 

[Malaque]   Disabling Self-Defense... problemas gone. Thanks

 

You shouldn't do this! Instead try it with a new HIPS rule, manually entered, see the screenshots (#4: you select 'winlogon.exe', of course). This way the 'winlogon.exe' crash (?) should go away. (In Win7 my HIPS log is full of the same entries as you have, but there's no crashing because of that. And there's no HIPS rule for 'winlogon.exe'. On the other hand I never log out and choose another user login: starting PC, restricted user login, PC shutdown, that's all...)

 

The pictured new HIPS rule should be 100% safe anyway, and don't forget to reenable ESET Self Defense! (But I doubt, that indeed ESET V9 in combination with Win10 has to be blamed for the described crash.)

 

Try it and report back. Thanks.

 

HTH

post-3617-0-95681000-1455749113_thumb.png

post-3617-0-59179000-1455749121_thumb.png

post-3617-0-76184600-1455749129_thumb.png

post-3617-0-83106500-1455749137_thumb.png

Link to comment
Share on other sites

 

 

[Malaque]   Disabling Self-Defense... problemas gone. Thanks

 

You shouldn't do this! Instead try it with a new HIPS rule, manually entered, see the screenshots (#4: you select 'winlogon.exe', of course). This way the 'winlogon.exe' crash (?) should go away. (In Win7 my HIPS log is full of the same entries as you have, but there's no crashing because of that. And there's no HIPS rule for 'winlogon.exe'. On the other hand I never log out and choose another user login: starting PC, restricted user login, PC shutdown, that's all...)

 

The pictured new HIPS rule should be 100% safe anyway, and don't forget to reenable ESET Self Defense! (But I doubt, that indeed ESET V9 in combination with Win10 has to be blamed for the described crash.)

 

Try it and report back. Thanks.

 

HTH

 

 

Thanks for your reply. Really i still create a rule, similar as yours, but problem back again. Even i delete one of the suspitious users accounts and create it again, but it not solves the issue. I'm not a patient man (i'm very busy), so finally i've uninstalled Nod32 in my desktop PC, and installed this license in my laptop (single user) and not problems. In my desktop PC i've installed KIS 2016 and it's running fine. Thanks again for your support.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...